feat: ResetPassword endpoint

2025-12-05 21:42:13 +00:00 · 2024-09-24 14:26:48 +02:00
parent 1e9d58c924
commit 04f5ed8d1c
9 changed files with 418 additions and 46 deletions
--- a/proto/zitadel/resources/user/v3alpha/user_service.proto
+++ b/proto/zitadel/resources/user/v3alpha/user_service.proto
@@ -570,7 +570,7 @@ service ZITADELUsers {

  // Set a password
  //
-  // Add, update or reset a user's password with either a verification code or the current password.
+  // Add or update a user's password with either a verification code, the current password or enough permissions.
  rpc SetPassword (SetPasswordRequest) returns (SetPasswordResponse) {
    option (google.api.http) = {
      post: "/resources/v3alpha/users/{id}/password"
@@ -618,6 +618,30 @@ service ZITADELUsers {
    };
  }

+  // Remove a password
+  //
+  // Remove a user's password.
+  rpc RemovePassword (RemovePasswordRequest) returns (RemovePasswordResponse) {
+    option (google.api.http) = {
+      delete: "/resources/v3alpha/users/{id}/password"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "Password successfully removed";
+        }
+      };
+    };
+  }
+
  // Start a WebAuthN registration
  //
  // Start the registration of a new WebAuthN device (e.g. Passkeys) for a user.
@@ -1587,6 +1611,30 @@ message RequestPasswordResetResponse {
  ];
 }

+message RemovePasswordRequest {
+  optional zitadel.object.v3alpha.Instance instance = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      default: "\"domain from HOST or :authority header\""
+    }
+  ];
+  // Optionally expect the user to be in this organization.
+  optional zitadel.object.v3alpha.Organization organization = 2;
+  // unique identifier of the user.
+  string id = 3 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1,
+      max_length: 200,
+      example: "\"69629026806489455\"";
+    }
+  ];
+}
+
+message RemovePasswordResponse {
+  zitadel.resources.object.v3alpha.Details details = 1;
+}
+
 message StartWebAuthNRegistrationRequest {
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {